We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byDora Davis
Modified about 1 year ago
© 2005 Convio, Inc. NTEN Webinar: Protecting your organization and donors from online scams February 23, 2006
2 © 2005 Convio, Inc. Online Fraud Techniques ■ Some current types of online fraud: ▶ 1. e-Commerce vendors can be defrauded of merchandise e.g. by people using stolen credit cards; this doesn't affect online donations, because there is no merchandise to be fenced / resold ▶ 2. Phishers trick people into giving them financial information ▶ 'ers use the internet to pitch victims ▶ 4. Carders use online donation websites to test stolen card numbers ▶ 5. Hackers break into computers to steal data ■ Many of these are of interest to nonprofits
3 © 2005 Convio, Inc. Fraud is not a new, internet-related problem ■ A donation phishing scam is no different than: ▶ someone standing in the mall shaking a collection tin with your organization's name on the side ▶ a fake fundraiser soliciting “donations” door to door or on the telephone ■ Because the internet is a newer medium, the public is less “street-wise” about how to spot scammers ■ Technology will never prevent fraud, education is the key solution
4 © 2005 Convio, Inc. What is a phishing scam? ■ Phishing is a technique used by online fraudsters to collect people's personal information to be used in subsequent fraud activities ■ Phishers try to obtain: ▶ credit card numbers ▶ names and addresses ▶ social security numbers ▶ passwords for online banking, PayPal, etc. ■ “Phished” data is now a commodity in online fraud circles – stolen credit card numbers sell for about $1 each in hacker forums
5 © 2005 Convio, Inc. How does phishing work? ■ The phisher sends out spam s which mimic those from a well known financial institution ■ A typical come-on line: “Come to our website to re-verify your login” ■ Links in the take the unwary to a website run by the phisher, which collects their data ■ The non-profit connection: After major disasters, phishers target potential donors to well known relief agencies like the Red Cross
6 © 2005 Convio, Inc. Phishing example Forged “From” address Link text is a PayPal URL, but clicking takes you to the phisher's site The usual pitch: “Your account information needs to be updated...”
7 © 2005 Convio, Inc. How can I help protect my donors from online fraud scams? ■ Educate donors to take a few simple precautions ▶ Be suspicious of unsolicited or unexpected ▶ Don’t click on untrusted links – instead, go directly to the organization’s Web site, or use a reputable search engine ▶ Always review credit card statements for unauthorized charges ■ Arm donors with the information they need ▶ Provide guidelines for locating your official Web site ▶ Actively promote your URL ▶ Tell donors who your service providers are for and donation processing
8 © 2005 Convio, Inc. Common misconceptions ■ “Make sure the URL matches the organization” ▶ In an HTML , the text of a link can be anything, including a different URL from the link target ▶ Many non-profits use a service provider, and their donation forms use the provider's secure URL ▶ Conversely, it's easy for a scammer to use a fake URL that's very hard to spot: remember paypaI.com (did you notice... “pay pie” with a capital “ I ” ? ) ■ “Nonprofits don't solicit donations by ” ▶ They certainly do, but only from opted-in list members... they don't spam
9 © 2005 Convio, Inc. How can I help protect my donors from online fraud scams? (2) ■ Encourage donors to verify the legitimacy of an organization before donating funds ▶ GuideStar: ▶ CharityNavigator: ■ Publish Sender Policy Framework (SPF) information for your “From” address ▶ Consult with your marketing provider ■ If you discover a fraud site ▶ Contact the host ISP and request that it be blocked ▶ File a report with the FBI at
10 © 2005 Convio, Inc. Carding: How it works ■ Carders use online donation sites to test stolen credit cards, to make sure they are still valid, before using them for fraud ▶ Carders make a small donation, and see if they get a thank-you page or a rejection ▶ Often done in large volumes with automated software ▶ Some fraudsters just make up card numbers using generator software, and use carding to find out which ones are real
11 © 2005 Convio, Inc. Carding: What should nonprofits do? ■ Carding does not defraud the nonprofit, but it is a nuisance to clean up after a carding run ■ What to do: ▶ Consult your service providers ▶ Anti-fraud technology can help to detect and block carding runs in progress ▶ If you get carded, you (or your provider) must refund the fake donations – keeping the money would be fraud, and will result in chargebacks
12 © 2005 Convio, Inc. Defending against hackers: what should my organization be doing? ■ Make security of donor information a priority: ▶ Don't be tempted to build an amateur donation form, use a professional solution: - No excuses... Network for Good is free ▶ Never collect and store credit card numbers or SSNs, and especially not on your website – a hacker can't break into data you don't have ▶ Never donor information ▶ Make sure your donor database is very secure ▶ If you are using SSNs as member id's... stop! ▶ Sloppy security is becoming less tolerated - example: California SB 1386 “Hacking Disclosure” Law
ING Fraud Collection GPCE Credit Union has arranged a collection of scams, outlining the most prevalent financial scams. We want our members to be aware,
What Are Scams? Scams are designed to trick you into giving away your money or your personal details. Scams come to you in many forms – by mail, ,
National Crime Prevention Council 2005 Identity Theft and Strategies for Crime Prevention.
Preventing Its More Than Just Your Wallet…. Identity Theft One New Identity Theft Victim Every 3 Seconds in 2012 (Javelin Strategy & Researchs 2012 Identity.
SECURITY AWARENESS. The Importance of Security Awareness Training Security Awareness Training provides the knowledge to protect information systems and.
CYBER SECURITY October 2009 ARE YOU AWARE? The Federal Trade Commission reports that: For the seventh year in a row, identity theft tops the list, accounting.
Personal Privacy Identity protection in this wired world.
Personal Information Security and Malware Awareness Workshop Bard College at Simons Rock Information Technology Services (ITS) Summer 2012 (Please sign.
Fraud Protection. Agenda Start time: ____ Break time: ____ (10 minutes) End time: ____ Please set phones to silent ring and answer outside of the room.
CONSUMER ACTION - Credit Card Fraud Training Credit Card Fraud An Educational Partnership of Consumer Action and Chase ©2009.
Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.
Account HIGHJACKING & IDENTITY THEFT GPCE Credit Union has prepared a slide show presentation to examine the most prevalent financial crimes at work today.
Mount Auburn Hospital Information Security Awareness Training How to protect electronic information at work and at home.
Identity Theft and You Identity Theft and You Updated May of 2007.
Personal Information Security Workshop Williams College Office for Information Technology (OIT) Winter 2010.
Parenting the Online Child. Your Child Is on the Internet The Internet is a wonderful research tool. Reliance on the Internet in schools has grown rapidly.
Objective 7.03 Understand ways to avoid identity theft. Identity Theft.
COMPUTER NETWORKS. COMMUNICATION BETWEEN COMPUTERS For a computer to communicate with each other (which may be a completely different system) an interface.
CYBER SECURITY-PHISHING: DON’T BECOME A VICTIM OF FRAUD.
Phishing, what you should know L kout Initiative.
Desktop Self-Defense Instructor: Eileen OShea An Infopeople Workshop Fall/Winter 2005.
Cyber Safety Awareness Bahrain British Business Forum 21 February 2012 Ahmed J. Aldoseri Cyber Safety Director, TRA Bahrain ECSA, CEH, CEI, RHCI, RHCE,
Social Engineering: A Test of Your Common Sense By Frederick Gallegos, CISA, CGFM, CDE Computer Info Systems Dept.
By Janie and Michael Jones. Our Purpose Purpose of this workshop is to help you: Develop a Marketing Plan Generate Free Leads Drive Traffic To Your Website.
Reveal Course on Communication - Advanced This project has been funded with support from the European Commission. This publication reflects the views only.
1 Identity Theft Prevention Practical, simple precautions for you and your business.
Identity Theft Presented by Lawrence County Sheriffs Office and Lawrence County Information Systems & Technology.
Common types of online attacks Dr.Talal Alkharobi.
IDENTITY THEFT Awareness and Prevention. What is Identity Theft? IDENTITY THEFT occurs when someone wrongfully acquires and uses a consumers personal.
Healthcare Fraud and Scams: The Impact on Elders.
© 2016 SlidePlayer.com Inc. All rights reserved.